Date: Sun, 22 Sep 2013 17:51:59 +0200
From: David Demelier <demelier.david@gmail.com>
To: Fbsd8 <fbsd8@a1poweruser.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: rctl within jail
Message-ID: <523F121F.50407@gmail.com>
In-Reply-To: <523EF48A.9090007@a1poweruser.com>
References: <5236B4A2.4000103@gmail.com> <523EF48A.9090007@a1poweruser.com>

On 22.09.2013 15:45, Fbsd8 wrote:
> David Demelier wrote:
>> Hello there,
>>
>> I wanted to use rctl within a jail to add more fine grained setting for
>> some users, and default ones too. But it does not seem to work. Is it
>> supported? Do we need to add a special flag to the jail creation?
>>
>> # rctl -a loginclass:default:maxproc:deny=30
>> rctl: rctl_add_rule: Operation not permitted
>>
>> Regards,
>>
>> David
>
> The rctl command is brand new. It does not have a group of users yet, so
> that is why you have not received any replies to your post.
>
> As far as I know you can not issue the "rctl" command from within the
> running jail.
>
> The "rctl" command is issued on the HOST only.
>
> You can apply rules to an entire jail if you want to, for example; to
> limit the amount of memory a jail can use:
>
> # rctl -a jail:<jailname>:memoryuse:deny=1G
>
> (where <jailname> is the name of your jail). This would make sure the
> jail can't use more than (approximately) 1 gigabyte of memory.
>
> To enable rctl on the host, you need to compile a custom kernel that
> contains the following 2 parameters;
> options RACCT
> options RCTL
>

Yes, I will also post a PR for this because no manpage says that you require this in your kernel. I will provide a new manpage and a bit more documentation.

> I think your rctl command would look like this when issued from the host
> rctl -a jail:<jailname>:loginclass:default:maxproc:deny=30
>

What I really want is to prevent users from spawning too many processes (aka fork bombs). But if I apply it to the jail directly, it also applies to the services jails, which is a bit not wanted.

Regards,
David
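
The rules quoted in this thread can be checked against the rule grammar documented in rctl(8), subject:subject-id:resource:action=amount[/per], before they are handed to `rctl -a` on the host. The following is an added example, not part of either poster's message or of FreeBSD itself; the function name `rctl_rule_check` and the jail name `www` are made up for illustration, and the check covers only the shape of a rule, not whether the kernel knows the resource or action.

```shell
#!/bin/sh
# Added example: shape check for a full rctl(8) rule as passed to `rctl -a`.
# Prints "subject id resource action amount" on success, returns 1 otherwise.
# Resource and action names are not looked up; the kernel decides those.
rctl_rule_check() (
    set -f                                  # no globbing while splitting
    IFS=:
    set -- $1                               # split the rule on ':'
    if [ $# -ne 4 ]; then
        echo "expected 4 colon-separated fields, got $#" >&2
        return 1
    fi
    subject=$1 id=$2 resource=$3 limit=$4
    case $subject in
        process|user|loginclass|jail) ;;
        *) echo "unknown subject: $subject" >&2; return 1 ;;
    esac
    [ -n "$id" ] || { echo "empty subject-id" >&2; return 1; }
    case $resource in
        ''|*[!a-z]*) echo "bad resource: $resource" >&2; return 1 ;;
    esac
    case $limit in
        *=*) ;;
        *) echo "missing action=amount: $limit" >&2; return 1 ;;
    esac
    action=${limit%%=*}
    rest=${limit#*=}
    amount=${rest%%/*}
    case $action in
        ''|*[!a-z0-9]*) echo "bad action: $action" >&2; return 1 ;;
    esac
    digits=${amount%[kKmMgGtTpPeE]}         # optional size suffix, e.g. 1G
    case $digits in
        ''|*[!0-9]*) echo "bad amount: $amount" >&2; return 1 ;;
    esac
    case $rest in
        */process|*/user|*/loginclass|*/jail) ;;
        */*) echo "bad per: ${rest#*/}" >&2; return 1 ;;
    esac
    echo "$subject $id $resource $action $amount"
)

# Constructed sample input: the three rule shapes that appear in the thread.
rctl_rule_check 'loginclass:default:maxproc:deny=30' || true
rctl_rule_check 'jail:www:memoryuse:deny=1G' || true
# Six fields, so this check rejects it.
rctl_rule_check 'jail:www:loginclass:default:maxproc:deny=30' || true
```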